The Department of Justice (DOJ) has managed to recover part of the ransom paid to the criminal hacking group believed to be responsible for the attack on the Colonial Pipeline, which disrupted a major supply of fuel to the East Coast for roughly a week in May.
Deputy Attorney General Lisa O. Monaco announced on June 7 that the DOJ, through its new Ransomware and Digital Extortion Task Force, was able to recover about 64 of the 75 bitcoins paid to the attackers by “following the money” — even though the money was in difficult-to-trace cryptocurrency. Once it knew the address of the hackers’ wallet, it was able to get a court order to seize the funds in it. The FBI apparently had the digital key needed to open the wallet. How it got that access has not been made public. The seizure is a rare example of ransomware payments being recovered.